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Defending Privacy at the U.S. Border: 


A Guide for Travelers Carrying Digital Devices 


Our lives are on our laptops — family photos, medical documents, banking information, details 
about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. 


Constitution, the government generally can't snoop through your laptop for no reason. But 


those privacy protections don't safeguard travelers at the U.S. border, where the U.S. govern- 


ment can take an electronic device, search through all the files, and keep it for a while for 


further scrutiny — without any suspicion of wrongdoing whatsoever. 


For doctors, lawyers, and many business 
professionals, these border searches can com- 
promise the privacy of sensitive professional 
information, including trade secrets, attorney- 
client and doctor-patient communications, 
research and business strategies, some of 
which a traveler has legal and contractual obli- 
gations to protect. For the rest of us, searches 
that can reach our personal correspondence, 
health information, and financial records are 
reasonably viewed as an affront to privacy and 
dignity and inconsistent with the values of a 
free society. 


Despite the lack of legal protections against 
the search itself, however, those concerned 
about the security and privacy of the informa- 
tion on their devices at the border can use 
technological measures in an effort to protect 
their data. They can also choose not to take 
private data across the border with them at all, 
and then use technical measures to retrieve it 
from abroad. As the explanations below dem- 
onstrate, some of these technical measures are 


simple to implement, while others are complex 


and require significant technical skill. 


Why might people want to protect 
their data at the border? 


Business travelers, lawyers, doctors, or 
other professionals may have confi- 
dential or privileged information on 
their laptops that they don’t want oth- 
ers to see or that they are obligated by 
law or contract to protect. 


People may have sensitive personal 
information on their devices such as 
medical records, financial documents, 
and years of correspondence with fam 
ily, friends and business associates. 


Some travelers may have repeated dif- 
ficulties crossing the border, and wish 
to take proactive steps to protect their 
data in light of their past experiences. 


Some may feel as a matter of principle 
that the government shouldn't be 
able to view their private information 
simply because they choose to travel 
internationally. 





Why Can My Devices Be Searched at the Border? 


The Fourth Amendment to the United States Constitution protects us against unreasonable 


government searches and seizures. This generally means the government has to show a court 


probable cause that a crime has been committed and get a warrant before it can search a loca- 
tion or item in which you have a reasonable expectation of privacy. But searches at places where 
people enter or leave the United States may be considered “reasonable” simply because they 
happen at the border or an international airport. 


Several federal courts have considered whether the government needs any suspicion of criminal 
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activity to search a traveler's laptop at the U.S. border. Unfortunately, so far they have decided 
that the answer is no.’ Congress has also weighed several bills to protect travelers from suspi- 


cionless searches at the border, but none has yet passed.” 


For now, a border agent has the legal authority to search your electronic devices at the border 


even if she has no reason to think that you've done anything wrong. 


How the Government Searches Devices at the 


Border 


‘There are two government agencies primarily responsible for inspecting travelers and items 
entering the United States: the Department of Homeland Security's Customs and Border Pro- 
tection (CBP) and Immigration and Customs Enforcement (ICE). (Occasionally, CBP or ICE 

can make special arrangements to question a passenger departing from the United States or 


inspect her belongings, but neither agency 
routinely does so.) 


‘The law gives CBP and ICE agents a great 
deal of discretion to inspect items com- 
ing into the county. While it’s impossible 
to know for sure how they'll handle every 
border search situation, agencies have 
published their policies for searching elec- 
tronic devices and data. 


CBP tells its agents that “with or without 
individualized suspicion,’ they can inspect 
electronic devices and data encountered 

at the border.’ The agency can keep your 
computer or copies of your data for a 
“brief, reasonable” amount of time to be 
searched on- or off-site. Ordinarily, this 
isn't more than five days.* CBP recognizes 
that agents might run across privileged or 
sensitive information stored on devices, 
but does not clearly explain the procedures 
for handling it. When CBP agents experi- 
ence technical difficulties or encounter in- 
formation that is encrypted or written in a 
foreign language, they may send the device 
or a copy of the data to other government 
agencies that might be able to help access 
the information.° Border agents dont need 
any suspicion of wrongdoing to seek this 
assistance,’ and it’s unclear whether the 
cooperating agencies can keep copies of the 
data they receive indefinitely. 
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Which Three-Letter Acronym Was That 
Again? 


The Department of Homeland Security 
(DHS) has several departmental missions, 
including to “secure[] the nation’s air, land and 
sea borders to prevent illegal activity while 
facilitating lawful travel and trade” Department 
of Homeland Security Missions and Responsi- 
bilities, http://www.dhs.gov/xabout/responsi- 
bilities.shtm (last visited Oct. 4, 2011). 


Customs and Border Protection (CBP) is 
the primary agency that inspects and searches 
travelers entering the United States. For exam- 
ple, when you arrive in the U.S., you can expect 
to be interviewed at the border by a CBP agent 
and to present your Customs declaration to 
another CBP agent. 


Immigration and Customs Enforcement 
(ICE) investigates violations of laws related 

to borders. Although ICE has border search 
authority, it isn’t routinely involved in searching 
or interviewing travelers at ports of entry. 


The Transportation Security Administra- 
tion (TSA) is responsible for transportation 
security within the United States, and does not 
perform searches at the border. Normally, TSA 
searches travelers before they board a plane, 
not after they land. You can expect to be 
searched by TSA when departing the U.S. by 
air, but the screening TSA performs is usually 
identical for domestic and international pas- 
sengers. 
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Like CBP agents, ICE agents may inspect electronic devices and the information on them 
“with or without individualized suspicion.’’ ICE will typically complete searches of devices 
and copies of data within 30 days,’ though anecdotal reports suggest that travelers’ devices are 
sometimes detained for significantly longer periods of time.'° ICE's policy, like CBP’s directive, 
says that agents may seek technical assistance from others to translate or decrypt data,'' and is 
similarly vague about how agents should handle privileged or sensitive information.’ 


Beyond seizing the device at the border, the government may take a device to a location away 
from the border for further inspection.” If this occurs, searches of devices that are conducted at 
a time and/or place removed from the initial border stop can become extended border searches 
that require reasonable suspicion of wrongdoing or even regular searches that require a prob- 
able cause warrant,'* 


In short, border agents have a lot of latitude to search electronic devices at the border or take 
them elsewhere for further inspection for a short period of time, whether or not they suspect a 
traveler has done anything wrong, 


For now, the government searches only a small percentage of international travelers’ electronic 
devices. According to documents obtained by the American Civil Liberties Union through the 
Freedom of Information Act, more than 6,500 people traveling to and from the United States 
had their electronic devices searched at the border between October 2008 and June 2010, an 
average of more than 300 border searches of electronic devices a month. Almost half of those 
travelers were U.S. citizens.’” This means that these searches are a regular occurrence, but one 
that most travelers will never encounter given the number of travelers who cross the border 
each month, 


‘The frequency of technology-oriented searches at the border may increase in the future. Re- 
searchers and vendors are creating tools to make forensic analysis faster and more effective, 
and, over time, forensic analysis will require less skill and training.’* Law enforcement agencies 
may be tempted to use these tools more often and in more circumstances as their use becomes 
easier. 


Deciding How to Protect Your Data 


Different people will choose different kinds of precautions to protect their data at the border 
based on their experience, perception of risk, and other factors. There is no particular ap- 
proach we can recommend for all travelers. ‘These are some of the considerations you 
might take into account: 


+ Your citizenship, immigration, or residence status. If you are not a U.S. citizen, you may 
be more easily denied entry into the country, and so you may want to be especially careful 
to avoid situations where border agents might consider you uncooperative for taking steps 
to protect your data or politely refusing to provide encryption passwords. 


+ Time sensitivities. Is it important for you to reach your destination by a certain time? 
If border agents hold you up with questioning or attempts to search your devices, it may 
wreak havoc on your travel schedule. 


+ How much hassle you're willing to tolerate from border agents. If you want to secure 
your data but are uncomfortable about the possibly of appearing uncooperative with border 
agents, it might be best to avoid such awkward situations all together. For example, you 
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might choose to take a blank device over 
the border and download your data once 
you reach your destination rather than 
face an uncomfortable interaction with 

a border agent who wants to search the 
data on your device. 


How important it is for you to have ac- 
cess to your data during your journey. 
Consider whether you'll need your data 
with you on the plane, or whether you 
can wait until you've crossed the border 
to access it. 


How good your Internet access will be 
during your travels. If you'll have access 
to lots of bandwidth, you might be able 
to download the data you need once you 
reach your destination. 


The countries you've visited before 

entering the United States. Travel to 
certain countries may draw additional 

scrutiny from border agents. 


Your history with law enforcement. If 
you are subject to an ongoing investiga- 


Case Scenario: Business Concerns 


Alice is a frequent business traveler who of- 
ten needs access to proprietary information 
that her company considers highly sensitive 
and confidential. When she travels for work, 
she takes a special laptop that contains the 
minimum information necessary for her 
trip. Before she leaves the country, she uses 
strong cryptography to encrypt that infor- 
mation. She also sets up two separate log-in 
accounts on the computer: a protected 
account where the encrypted files may be 
accessed, and a separate account for other 
uses of the laptop. Anyone who wants to 
view the confidential data must log in to 
the protected account and then decrypt 
the files. Only Alice’s employer knows the 
passwords to the account and encrypted 
data, and the company’s IT department 
sends the passwords to her in an encrypted 
email message so that she can access the 
data abroad. Before she returns to the US., 
she securely wipes her laptop. 





tion or otherwise under suspicion for any reason, you may be screened or questioned more 


intensively. 


Some Basic Precautions 


All computer users who carry important information on portable devices should be aware of 
two basic precautions: 


+ Making regular backups, which ensures that your important information stays available to 
you if your computer is ever taken from you, lost, or destroyed. (If you don't have access to 
your computer, you'll still have access to your data.) 


+ Encrypting the information on the computer, which ensures that your information stays 
confidential from other people whom you don't authorize to access it. (If you lose control of 
your computer, other people wont have access to your data.) 


In the infancy of personal computing, experts put particular emphasis on the need to make 
backups. Today, we think these two precautions are really halves of a larger whole: making sure 
that that information stays available to those you want to have it, and that it's not available to 
others. Applying these precautions can help you deal with travel incidents well beyond the 
comparatively unusual case of border searches, like if you leave a laptop in a taxi or if someone 
steals your backpack or purse from a café. 


‘The right time to get started with both of these precautions is before your trip, when you're at 
home or at work and have more time and greater access to other people who can help you get 
set up appropriately. 
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‘There are also other more elaborate precautions which you might find useful. After discussing 
the basics, we'll suggest several of these below. Note that many of the precautions we will dis- 
cuss address the possibility that your electronic devices are taken away from you, and examined 
for hours by a trained expert. For travelers who feel that this is an important concern, it’s worth 
understanding what the capabilities of that expert examiner may be. 


Backups 


Every year millions of computer users lose important information accidentally for want of a 
good, current backup, so there are many good reasons other than the possibility of a border 
search or seizure for you to have a current backup. In modern practice, backups are most often 
made onto another computer over a network. (See our discussion of on-line service privacy in 
the next section — Backups Using the Internet.) You can also back up to an external hard drive, 
which can be extremely quick and easy. 


Backups are especially important for travelers, since, aside from the possibility of a border 
search or seizure, travel presents many opportunities for losing your computer or data. 


Backups Using the Internet 
When youre backing up your computer over a network, bear in mind that 


+ Your connection to the server should be encrypted to prevent eavesdropping that would 
reveal the contents of your backup. 


+ ‘The content of your backups should also be encrypted so that the backup service itself 
can't read them. (Currently, only a few services automate this process for you.) 


+ Your backups should be frequent, especially while you're traveling away from home. They 
can be incremental so that only things that have changed since your previous backup are 
actually transmitted over the network. 


+ Your Internet access will need to be fast enough to transfer the amount of information 
you have to back up in the time you have available. 


Storing information with an online service, sometimes also called a “cloud service,’ is a popular 
choice today; it may have significant benefits for reducing the amount of data that could be 
exposed to a border search. For instance, you could keep your email with a webmail provider 
and not on your laptop, or edit documents on a network service like Google Docs, or store files 
with a service like SpiderOak instead of on your computer. Devices like Chromebooks can do 
this automatically so that you rarely physically store information on a laptop at all. Relying on 
network services and network storage has both advantages and disadvantages for privacy. 


Pro: Data is not stored on your device, is not actually carried across the border, and is not 
subject to a physical border search. You can truthfully tell agents that the data is simply not 
present on your device at all; you are not carrying it with you. 


Con: Some data that you store with a third-party online service provider in the United States 
enjoys less legal protection than data you store on your own computer. 


You can get the best of both worlds when you encrypt your data separately before storing it 
with a cloud storage provider. Then the cloud storage provider does not know the information 
required to decrypt the data, so it can't access your data at all. Some cloud storage providers like 
SpiderOak”, Tarsnap’’, and Wuala’? make this kind of protection a standard part of their ser- 
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vices, while tools like Duplicity” and Tahoe-LAFS”' let you set up your own encrypted backup 


infrastructure. 


If you decide to move some files into cloud storage before crossing the border rather than 
keeping your files there all along, remember that merely deleting files won't always remove their 
names or contents from your device. See The Challenges of Secure Deletion, below. 


Hard Drive Image Backups 


If you have a large external hard drive at home, you can make a byte-for-byte image copy of 
your laptop hard drive before your trip; then you can install a fresh operating system for travel 
purposes, overwriting the laptop contents. When you return home, you can restore the image 
copy onto your laptop (overwriting the travel operating system) and pick up where you left 
off, 


Regardless of what operating system you usually run, you can do this most easily with a Linux 
ive CD. (This operation happens below the level of the operating system, so it can be used 
on any operating system.) The external drive to which you make the backup should itself be 
encrypted, because the backup contains all of the information from your hard drive (includ- 
ing things you may think are deleted, and including saved passwords and authorization 
credentials) in a usable, accessible form. 





Note that making or restoring a full-drive backup can take a long time; it’s usually limited by 
the capacity of the connection to the external hard drive and could be up to several hours for 
a large laptop drive. 


Since hard drive sizes have been growing faster than Internet connection speeds, image 
backups over the Internet are unlikely to be feasible except in the most highly Internet- 
connected places. (An Internet-based image backup is similar to swapping hard drive images 
onto an external disk, except that the external disk isn’t physically plugged into the local com- 
puter but is located somewhere else. Encryption should be used to protect the hard drive's 
contents.) 





Backups Using an External Hard Drive 


You can also easily make a backup onto an external hard drive instead of (or in addition to) a 
network server. This hard drive can, and should, be encrypted so that only someone who knows 
the proper passphrase can read its contents. In general, store and transport your backup and 
your computer separately. In particular, we recommend you don’t carry your backup across 
the border at the same time as the computer it’s backing up! 


Remember that backups can take time, so plan accordingly. Using a USB connection, a 60 GB 
laptop drive could take over 15 minutes to back up (probably longer), while a 1 TB drive could 
take around five hours. You can use incremental backups together with encryption to make 
the time a bit shorter. USB’s peak data rate is 60 MB/s (for USB 2, the latest version you can 
assume is widely supported), so plan ahead and use incremental backups where appropriate. 
Note that current computers might let you connect external drives using Firewire, or eSATA 
interfaces as well, although the most universally compatible is USB, which is also the slowest 
(unless you have USB 3, which is still uncommon as of mid-2011). 


A 2 TB external drive (self-contained and ready to use) is relatively cheap and is probably more 
than sufficient for a complete encrypted backup of any computer you're likely to use. You can 
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also get an enclosure to turn an internal hard drive into an external hard drive. High-quality 
enclosures are also relatively inexpensive and protect the internal drive against physical damage, 
as well as providing power and making it easy to plug and unplug the drive. 


Case Scenario: Doctor Confidentiality 


Akina is a doctor in Japan. She is traveling to the United States with her young son to attend 
a relative’s wedding. She wants to ensure that she can access any email messages that her 
patients send her while she is abroad, and considers it critical to protect the confidentiality 
of those messages. On the other hand, she doesn't want any confrontation with the border 
agents — she worries that being detained will upset her child, and, if they are refused entry, 
they will miss the wedding. Akina chooses not to carry a laptop at all. Instead, before her trip, 
she mails a travel laptop to her relative in the United States. After the wedding, she securely 
wipes the laptop and takes it back to Japan with her. 





Minimizing Data You Carry 


One strategy for protecting your data when traveling is to minimize how much data you carry. 
This can be as simple as choosing not to bring a device which may hold sensitive data with you 
during a border crossing, or it can involve removing data you don't want border agents to ac- 
cess. [here are a wide variety of ways to effectively remove data, depending on the devices and 
network access that you have. 


One approach is to physically remove the hard drive from your laptop before your trip. You 
might purchase a separate laptop hard drive for travel purposes and install a fresh operat- 
ing system on it. Then you can switch hard drives before and after your trip and pick up where 
you left off when you get back home. 


Alternatively, you can remove your hard drive before your trip and use your computer with 
no hard drive at all (by starting an operat- 
ing system from a CD, USB drive, or SD 


card). See the Operating System on an SD Case Scenario: Philosophical 


Card section below for a more detailed Grounds 

discussion. Instead of storing files on a hard oward firmly believes as a matter of prin- 
drive, you can store them on a USB or SD iple that the government has no business 
medium or on a network server that you ifting through the contents of his laptop, 
access via an encrypted connection. Again, nd he's willing to stand up for that belief. 








ing around Asia for three months. He backs 


up his data on a remote server before his 
trip. He also uses strong cryptography to 
encrypt his hard drive and chooses a strong 
passphrase. If the border agents ask him 

for the passphrase, he intends to say no. He 
trip. knows this might cause the agents to seize 
the laptop, but they are unlikely to break the 
password, and he can still have access to the 
information on the laptop because he has 
stored it remotely. 


laptop hard drive back in when your trip is 
complete. In any case, you can ensure that 
the information on your laptop while you're 
traveling is minimized and that you have 
only the information you'll need during the 


You could also use an inexpensive travel 
computer on which, by design or by prac- 
tice, you avoid saving files, instead storing 





them “in the cloud” on network servers. A 
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traditional netbook is suitable for this, while a Chromebook running ChromeOS helps au- 
tomate the process. (Bear in mind that common application software could leave forensically 
recoverable data on the local hard drive even if you normally only save files on network servers.) 
They could make good investments for frequent travelers. Note that, if you do consider using 
cloud data storage, it’s important to keep in mind the privacy concerns associated with giving a 
service provider access to your data; for instance, though Chromebooks store little data locally, 
Google can access the information these devices store in Google's cloud service. We discuss 
these issues in Backups Using the Internet, above. 


As a way of limiting what they physically carry across an international border, some travelers 
will send computers, hard drives, USB flash drives, or SD cards through the mail or other 
shipping service. The legal protection afforded to computers and data sent via international 
mail is not appreciably better than at border crossings,” but travelers can at least know that 
they wont be questioned about those devices while they and the devices are both under border 
agents control. 


The Challenges of Secure Deletion 


Simply deleting data from your hard drive with your normal OS file deletion features is not 
secure and the data is still present and recoverable on your hard drive. Just because deleted 
files are no longer visible in your operating system's file manager does not mean that a forensic 
expert cant undelete them or deduce that they were once present. ‘The forensic software will 
examine the bytes actually stored on disk, which contain much more information than your 
operating system shows you. 


Even if you delete files securely when uploading them, there might still be local traces of those 
files’ contents because of cached copies, metadata, and swap space issues.”*? For example, file 
names of cloud-stored files may still be mentioned on your hard drive. Perhaps copies of some 
of them are temporarily downloaded while you're working on them, and the local traces or even 
the complete contents would then be visible with appropriate forensic software. 


Securely erasing files requires overwriting them, not just pressing “delete” in the user interface 
or emptying an electronic wastebasket. As Simson Garfinkel explains, it also doesn't work to 
just “format” a hard drive on most systems.”* Remember: an action may appear to erase or sani- 


tize data, but may be easily undone by a knowledgeable forensic examiner.” 


You can use DBAN”* to delete entire laptop hard drives (or external hard drives or memory 
cards) safely. According to more recent research, multiple-pass overwriting (something ex- 
tensively promoted during the 2000s) is probably not necessary. This is important because 
multiple-pass overwriting often takes most of a full day and has discouraged people from using 
secure deletion tools, especially if they're in a hurry. Single-pass overwriting in a correctly-im- 
plemented secure deletion tool is qualitatively much better than nothing, and especially much 
better than deciding not to overwrite data at all because of the time it would take! 


There are some types of software — known as secure file deletion utilities or Secure Empty 
Trash — which might be be useful for erasing individual files safely. However, in modern 
computing environments, these methods are not necessarily fail-safe when faced with expert 
forensic analysis. We do not recommend that you rely on them for removing your sensitive 
data from a device. 


Some operating systems have a useful way to “clear free space” on a disk. If your system has 
this feature, it helps make most kinds of deleted data hard to undelete, but deleted regions or 
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data within files or databases may not be purged if the files or databases themselves still exist. 
For example, clearing free space should prevent the undeletion of deleted files, but perhaps not 
undeletion of deleted emails and web history if they were stored inside of larger files that still 
exist. 


A perennial problem is that many kinds of application software invisibly leave traces behind 
when you open or work with files. For example, applications might make a temporary copy, or 
list a file's name in a“Recently used documents” list. Forensic software is written to be aware of 
these traces and search them out. This is also a substantial risk for people who use disk en- 
cryption to protect data on removable storage devices.”” With this concern in mind, the most 
prudent course would be to assume that some trace of any files viewed or edited on a particu- 
lar computer could still be present on that computer's hard drive. That's why using full-disk 
encryption is, according to some researchers, “the safest strategy” (although less helpful if you 
anticipate turning over your passphrase if asked). 


Operating System on an SD Card 


On the most modern laptops, it’s possible to use an SD card like a hard drive; thus, you can 
choose to use an SD card in place of a conventional hard drive and keep your entire operating 
system and all your data on on it. (You should still use disk encryption for the data on the SD 
card.) Since you can keep the SD card in your pocket or wallet when it’s not in use, it’s con- 
siderably harder for someone to take it from you without your knowledge or tamper with it 
(although, since it's so tiny, it's much easier to lose). 


You can also easily prepare several different operating system images on separate SD cards, 
for separate purposes or separate trips. In this case, it’s easier to send them in the mail or even 
easily erase or destroy a card when you no longer need it. Privacy expert Chris Soghoian, who 
described this technique, reports that his laptop gets better battery life when he uses an SD 
card in place of a hard drive”’. 


You can even use the same SD card in a digital camera for taking photos, so that a single card 
serves both as your camera storage medium and your encrypted hard drive. 


Encryption 


Disk encryption protects your data if your computer is ever lost or stolen during your travels, 
so it’s a useful precaution even for people who plan to cooperate completely with border agents’ 
requests for assistance in inspecting devices. Also, using encryption can help ensure you know 
whether your computer was actually searched, because you are “in the loop” — a successful 
search will not happen without your knowledge. If you dont use full-disk encryption, border 
agents can search your computer in another room and you wont necessarily know whether this 
has happened, because they will not require your cooperation. 


Account Passwords Versus Full-Disk Encryption 


People often decide that they need to “set a password on their computer” in order to protect 
their data. This intuition is right, but the details matter quite a lot; not all ways of “setting a 
password” provide the same kind of protection, and many dont involve any encrypton. 


An account password or screen-lock password is enforced by the operating system code. 
‘The operating system is configured to ask for the password and won't allow access unless the 
right one is provided. But the data is still simply present on the hard drive. An account pass- 
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Threats to Disk Encryption 


Full-disk encryption is not an impregnable solution to all concerns about data privacy. It 
could conceivably be bypassed in certain ways: 


By breaking into your computer while you're using it (with a Trojan horse or spearphish- 
ing, or exploiting a vulnerability in software that you use). 


With a cold boot attack if the attacker has control of your computer while it’s turned on, 
after you've already entered your passphrase (even if the screen is locked or the comput- 
er is in “suspend” mode). 





With an evil maid attack if the attacker has control of your computer while it's turned off 
and you use it later on without realizing the attack has happened. 


By learning your encryption passphrase or key with high-tech surveillance techniques 
(such as video surveillance or emanations monitoring). 


A simple precaution against cold boot attacks at the border is available. You should always 
turn off your computer (physically power off, not “suspend” or“hibernate’ and not 
just closing the lid) before crossing the border. |f a computer is on and you have previ- 
ously entered the disk encryption passphrase, there are techniques for extracting it directly 
from the computer's memory (even if the screen is locked). Powering the computer off pre- 
vents these techniques from working. 





word is easily bypassed by accessing the same disk using a different operating system, which 
wont require that the correct account password be entered. Alternatively, the hard drive could 
be physically removed from the computer and read using a different computer; again, no pass- 
word would be needed. 


By contrast, disk encryption uses mathematical techniques to scramble data so it is unintel- 
ligible without the right key. This mathematical protection works independently of the policies 
configured in the operating system software. A different operating system or computer can- 
not just decide to allow access, because no computer or software can make any sense of the data 
without access to the right key. 


This distinction makes a major practical difference. Bypassing an account password is a routine 
operation that can be done automatically with forensic software that bypasses the operating 
system and looks directly at the disk, interpreting its contents for the forensic analyst; your 
account password is no obstacle for this forensic software. CBP, ICE and other federal law 
enforcement agencies have staff with extensive training in the use of forensic software and are 
prepared to use it if they think the contents of your computer are interesting enough. 


Fortunately, modern computer systems come with comparatively easy full-disk encryption tools 
that let you encrypt the contents of your hard drive with a passphrase that will be required 
when you start your computer. Using these tools is the most fundamental security precaution for 
computer users who have confidential information on their hard drives and are concerned about 
losing control over their computers — not just at a border crossing, but at any moment during a trip 
when a computer could be lost or stolen. 
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Choosing a Disk Encryption Tool 


Choosing encryption tools is sometimes chal- 
lenging because there are so many options avail- Case Scenario: Documentary Film- 
able. For the best security, choose a full-disk en- | maker 

cryption tool that encrypts everything on your 
computer rather than a file-encryption tool 
that encrypts individual files separately. This 


Bill is a filmmaker who has made several 
documentaries over the past few years 
about the efforts of authoritarian govern- 
ments to suppress dissent in their na- 
tions. He traveled to a couple of Middle 
system now comes with encryption options. Eastern countries last year, and has faced 
heavy questioning at the U.S. border ever 
since. He is working on a new project in 
Tunisia, where he filmed interviews with 
several dissidents, and he wants to do 
everything possible to protect the con- 
made it available with certain versions of fidentiality of this footage. He needs to 
Microsoft Windows. transport several hundred GBs of video 
into the United States from Tunisia. His 
Internet access is not good, so uploading 
it to a remote server is not a realistic op- 
tion. Bill chooses to store the encrypted 
video files on discs with a strong pass- 
phrase and asks a friend to mail them to 
him in the United States. Then he secure- 
ly wipes his laptop and brings it back into 
the United States with him. 


may need to be set up at the time your operating 





system is first installed. Every major operating 








+ Microsoft BitLocker in its most secure 





mode is the gold standard because it pro- 
tects against more attack modes than other 
software. Unfortunately, Microsoft has only 








+ TrueCrypt has the most cross-platform 
compatibility. 


+ Mac OS X and most Linux distributions 
have their own full-disk encryption software 
built in. 


For more detailed information about the advan- 
tages and disadvantages of various tools, consult 


the Wikipedia article on comparison of full-disk 





encryption software.” 


Choosing a Secure Passphrase 


Unlike other passwords, cryptographic passwords specifically need to be long and extremely 
hard to guess. This is because a computer (or a cluster of many computers) can be pro- 
grammed to try trillions or quadrillions or more of possibilities automatically. If the password 
is too short or otherwise constructed in too predictable a way, this brute force guessing ap- 
proach will eventually succeed in cracking the password by trying every possibility. 


Approaches to choosing encryption passwords that don't take account of this reality are obso- 
lete. For instance, many users have historically been trained to use random passwords around 
7-8 characters and containing letters, numbers, and punctuation marks, like these: 


TThIr’'9 = &ROHFKEV —ig#tW}i7,—s 9/NKgKal =G>oX/7lp —_s@;30:[E 


‘These passwords are certainly hard to remember and hard for a human being to guess, but 
they're simply not safe enough as cryptographic passwords against modern crypto-cracking de- 
vices, which would easily be able to guess each of them, In 1999, EFF built a crypto-cracking 
machine that could try 256 possibilities in under three days.” That's about enough to try every 
nine-letter password made of letters, numbers, and punctuation. Bear in mind that this was a 
non-profit organization's proof-of-concept project from twelve years ago! It's a certainty that 
government agencies can crack even longer passwords with ease today. 


Fortunately, modern practice provides useful alternatives. Instead of using a single word as an 
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encryption password, it’s now normal to use a long text called a passphrase.*’ Arnoud Engel- 
friet defines a passphrase this way: 


A passphrase is a sentence or phrase used instead of a single password. Because of its 
length, a passphrase is more secure than a password. By using a phrase, it still is easy to 


remember.” 


While some traditional advice emphasizes (correctly) that one should not use a dictionary 
word as one’s password, modern practice shows that using multiple dictionary words in one's 
passphrase is useful. Our calculations confirm that relatively short series of truly randomly 
chosen English dictionary words are secure; many people find these somewhat more memo- 
rable. The important thing is to choose enough words and to choose them in a random way. 

A useful technique for choosing secure passphrases with combinations of words is called 
Diceware; this approach was devised by Arnold G. Reinhold.** The Diceware approach can 
be carried out with actual physical dice, or using any of a variety of software applications, and 
offers a complete recipe for making safe and memorable passphrases. 


A major advantage of passphrases made of words is that it’s often possible to think of a mne- 
monic that allows you to easily memorize your passphrase. Randall Munroe'’s xkcd comic 
shows a typical example for the Diceware-like phrase “correct horse battery staple”**: a horse is 
being congratulated on correctly identifying a staple protruding from a battery. 


goooonoosnoooo0n =|, ~28 a Part WAS IT TROMBONE? NO, 
UNCOMMON ORDER ooO00ono TROUBADOR. AND ONE OF 


ooo0eoo0n pb 


oe UNION eve THE Os WAS A ZERO? 


000 


\ 
= : AND THERE WAS _ 
TrQu b4do or a3 coos || 


(Cpacereis aemnen of ve Rare. 
WEB SERVICE. YES, CRACKING A STOLEN 
HASH 15 FASTER, BUT Is NOT WHAT THE 

AVERAGE USER SHOULD KoRRY ABOUT.) 


DIFFICULTY TO GUESS: | | DIFFICULTY TO REMEMBER: 


~44Y BITS OF ENTROPY 
OOOOOoODoOnoOO 
ObDOoORgo0o0000 
































oo000o0n0onooO0 





correct horse battery staple 


oo00000 ooo0on DoooadD oDn0oo0oo nonooooo00oo 
ooo000 Doooo ooooo aoondo 


ae | 7 Bika 
1000 GUESSES/SEC 
FOUR RANDOM 
COMMON WORDS DIFFICULTY To GUESS: a TO REMEMBER: 
HARD MEMORIZEO IT 


THROUGH 20 YEARS OF EFFORT, WE'VE SUCCESSFULLY TRAINED 
EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS 
To REMEMBER, BUT EASY FoR COMPUTERS To GUESS, 











Note: this phrase, while memorable, is likely not long enough to be truly secure against 
cracking by specialized encryption-cracking tools or machines, since Munroe’s advice 
doesn’t aim to protect against this kind of attack. A strong passphrase would be longer 
or incorporate words froms a larger word list, like: “exultantly barnacle slipshod Vancou- 
ver rumble.’ This is also memorable! The Diceware article discusses in more detail how to 
ensure your passphrase is long enough. 
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Another popular modern approach is to use a phrase, sentence, song lyric, poem, or long acro- 
nym that has been modified in an unguessable way, such as by changing the spacing, punctuation, 
spelling, or capitalization in an idiosyncratic way, or altering the topic of the text or combining 
several unrelated texts together.” 


When encryption passphrases are forgotten, the disk contents will become completely unus- 
able. By design, the disk encryption software author is unable to override or bypass the protec- 
tion. Some systems like BitLocker suggest making a spare copy of the passphrase and storing 
it somewhere safe and inconspicuous, physically distant from the computer it protects. There 
are also technologies for allowing multiple people to share parts of the passphrase so that it 
can only be recovered if several of them cooperate (usually, implementations of Shamir’s Secret 
Sharing Scheme, such as the ssss** and Secret Sharp®’ software). If you worry that you might 
forget your passphrase, you could use this software to securely split it into pieces and store the 
pieces in different places. 


Border Agent Demands for Access to Data 


If a border agent asks you to provide an account password or encryption passphrase or to 
decrypt data stored on your device, you dont have to comply. Only a judge can force you to 
reveal information to the government, and only to the extent that you do not have a valid Fifth 
Amendment right against self-incrimination.*® 


However, if you refuse to provide 


TrueCrypt Hidden Volumes 


information or assistance upon 





request, the border agent may The TrueCrypt encryption software tries to provide 
seize your device for further in- “deniability” by letting you create multiple en- 
spection or consider you uncoop- crypted disks protected by separate passwords in 
erative, which the agent may take such a way that the existence of additional hidden 
into consideration when deciding data can't be easily proven or disproven. These ad- 
whether to allow you to enter the ditional encrypted disks are known as hidden vol- 


United States. umes. Although TrueCrypt hidden volumes may 
have some practical applications, we think they 
are unlikely to be useful in the border search 
context because they are most helpful when lying 
to someone about whether there is additional hid- 
den data on a disk. Lying to border agents is not 
advisable, because it can be a serious crime. 


If you are planning to bring 
encrypted or password-protected 





information over the border, it’s 
best to decide ahead of time how 
you would respond to a border 
agent's request for help to inspect 
data. The best answer for your 





particular circumstance may be 

to cooperate or to politely decline to provide information. You could also choose to avoid the 
situation altogether by bringing a blank device over the border and downloading your data once 
you reach your destination. 


Another option is to generate a long and not-very-memorable encryption password before your 
trip, and then have someone else hold onto it and send it to you later, after you've crossed the 
border. This might be especially practical with a work computer if you have support from an IT 
department at your workplace, because the IT department could hold onto the password for 
you and let you know it when you check in with them again.” 


For more advice on dealing with agents at the border, see the section titled Interacting with 
Border Agents. 
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Technology-specific Considerations 


Flash Drives 


Flash memory devices (including USB flash drives and SD cards) are used as the internal 
storage in most cell phones and digital cameras. Securely erasing their contents can pose an 
extra challenge because of a technology called wear leveling, which tries to prevent you from 
repeatedly writing to the same place on the disk. That means that special forensic techniques 
involving physically disassembling the flash drive can sometimes reconstruct contents that you 
attempted to overwrite, because the flash drive decided to put the overwriting data in a differ- 
ent physical location from the overwritten data.” This kind of forensic examination is much 
rarer than basic disk forensics and is probably only a concern in a tiny number of situations. 


Mobile Phones and Similar Devices 


Devices like mobile phones increasingly hold tremendous amount of sensitive information, 
including photos and email messages that just a few years ago might have been found only in 
cameras and laptops. Often, they contain lists of your friends and colleagues and detailed logs 
of when you communicated with them. Some mobile phones also store detailed logs of your 
physical location over time. 


Although setting a password on your phone can be a sensible precaution, it’s worth emphasiz- 
ing that the password and screen-locking features that come with most phones provide no 
meaningful protection against a skilled exam- 


iner. [hese passwords are like user account Case Scenario: Activist Associa- 


passwords on a PC, not like passphrases for tions 


disk encryption; an examiner will not need 
to discover what the password is in order to Vera has lots of friends who are involved in 


bypass it. controversial activism, and some of them 
have had their laptops seized at the U.S. 
Temporary Phones for Travel border. Vera isn’t an activist herself, but 
worries that the government will take an 
If your mobile phone uses the international interest in her if it learns that she's friendly 
GSM standard (usually the case for non-U.S. with people who are activists. She takes 
mobile subscribers, or for U.S. customers of a travel laptop on an international trip 
T-Mobile and AT&T Wireless), you can avoid with the minimum information necessary, 
taking your normal phone on your interna- leaving most of her data at home. Before 





she enters the United States, she signs 


tional trip at all, even if you want to use your nicola 
out of her Gmail, Twitter and Facebook ac- 


counts and makes sure that the passwords 
aren't stored in her browser. She also uses 
WhisperCore’s full disk encryption app 

to secure the contacts, text messages, 


existing phone number.” Just get a different 
GSM-compatible phone and transfer your 
SIM card from your regular phone into the 
new phone. Your temporary phone will have 


far less of your private data on it, but since and other content stored on her Android 
your phone number is associated with the SIM phone. If asked for the passwords, she 
card rather than with the phone itself, you intends to say no. She knows this might 
can still be reached at your normal telephone cause the agents to seize the devices, but 


number (assuming that you have chosen to en- they are unlikely to break the passwords, 


able international roaming services on your cell which are very strong. If that happens, 
Vera will still be able to access all the in- 


formation on the devices because she has 
stored it remotely. 


phone account). When your trip is over, you 
can swap the SIM card back. 
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Secure Deletion of Data and Disk Encryption for Mobile Devices 


It's very hard to be sure that information on mobile devices has been truly deleted. You might 
choose to delete information such as SMS messages so that they are not visible to someone 
looking through your phone, but there is typically no meaningful secure deletion option. A 
sophisticated forensic analysis may still reveal the contents of these deleted messages. 


If your mobile device has a removable memory card such as an SD card, you can most securely 
wipe its contents by physically removing it from the mobile device and wiping it using secure 
deletion software in a PC. 


In most cases, it may be better to travel with a separate mobile device that holds little private 
data rather than trying to rely on your phone's security features to prevent border agents from 
reading private data. 


If you prefer to travel with your everyday mobile device, it may support specialized encryp- 
tion software. The most recent release of Android for tablets (but not mobile phones) has a 
comprehensive encryption option, while some Android devices can be protected with add-on 
software like WhisperCore (which requires a fresh installation of the phone software). Whis- 
perCore also supports making a networked backup of a phone's contents, securely erasing 
them, and re-downloading them later. BlackBerry devices also have potentially effective secu- 
rity options that may be able to protect data even against an expert; if you have an enterprise- 
managed BlackBerry, you can check out your user manual or ask your IT department about 
these features. 


Digital Cameras 


Agents may well ask to look through the contents of cameras, whether to try to disprove some- 
one’s claim about where they traveled, in search of sexually explicit photographs, or simply out 
of curiosity. 


Be aware that border agents may search your camera, copy its contents, or try to undelete im- 
ages or videos that you believe you've deleted and that are no longer visible from the camera's 
user interface.” There is no simple precaution against this, although low-level formatting or 
low-level overwriting a memory card in its entirety, using a computer and not a camera, should 
prevent undeletion; you should not rely on this unless you're familiar with exactly what the 
formatting process is doing. (Notably, high-level formatting of memory cards, or of hard drives, 
is totally ineffective against forensic analysis.) 


The same considerations apply to camcorders and to the camera in your mobile phone. 


Interacting with Border Agents 


Border agents have a great deal of discretion to perform searches and make determinations of 
admissibility at the border. Keep in mind that any traveler, regardless of citizenship status or 
behavior, can be temporarily detained by border agents for more detailed questioning, a physi- 
cal search of possessions, or a more extensive physical search.*? Refusal to cooperate with 
searches, answer questions, or turn over passwords to let agents access or decrypt data may 
cause lengthy questioning, seizure of devices for further examination, or, in extreme circum- 
stance, prevent admission to the country. 


For this reason, it may be best to protect your data in ways that don't require you to have awk- 
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ward confrontations with border agents at all. If you find yourself in such a situation, however, 
keep these tips in mind: 


Don’t Lie 


It's extremely important that you do not tell a lie to a border agent. Doing so is a serious crime 
for which you may be prosecuted even if your lie was not told to conceal any wrongdoing,” If 
you are absolutely sure that you dont want to answer a specific question, it’s better to politely 
decline to answer than to give a false answer. 


Don’t Obstruct an Agent's Investigation 


Once it's clear that a border agent is going to search your device or other possessions, don't take 
any steps to destroy data or otherwise obstruct that process. Like lying, knowingly interfer- 

ing with a border agent's investigation is a serious crime.*° Write down the agent's identifying 
information and collect a receipt for property if appropriate. Then file a complaint or consult a 
lawyer about getting the item back. (For information on filing a complaint to CBP or ICE, see 
the Appendix to this paper.) 


Courtesy 


It's in your interest to be courteous to agents at all times during the border inspection process. 
CBP agents should also be courteous and professional while searching your belongings, detain- 
ing, or questioning you.” If they fail to do so, you can file a complaint. 
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Appendix 


Resources for International Travelers With 
Border Search Issues 


Problems with or questions about an ICE or CBP examination? 


If you have a question about CBP or wish to submit a formal complaint about a CBP examina- 


tion, please go to <https://help.cbp.gov/app/forms/complaint>. 
p rod p P-cbp.g' Pp p 


To file a civil rights complaint against either CBP or ICE, you can file a complaint with the De- 
partment of Homeland Security Office of Civil Rights and Civil Liberties. You may download 
a complaint form at <http://www.ice.gov/doclib/secure-communities/pdf/crcl-complaint- 
submission-form-english.pdf>. 


Have you been repeatedly referred to secondary screening? Do you sus- 
pect your name is on a watch list? 


You may submit a complaint to the Department of Homeland Security's Traveler Redress 
Inquiry Program at <https://trip.dhs.gov/>. 


Want to know what information CBP or ICE has on file about you? 


Anyone can seek copies of records about themselves through the Freedom of Information Act. 
You can use the Privacy Act to ask for the same information if you're a U.S. citizen or lawful 
permanent resident. 


For information about submitting a request to CBP, see <http://www.cbp.gov/xp/cgov/ad- 
min/fl/foia/reference_guide.xml>. 


To request records from ICE, see <http://www.ice.gov/foia>. 


Feel as though your privacy or civil rights have been violated during a bor- 
der search? 


Please visit the Department of Homeland Security's Traveler Redress Inquiry Program to 
specify all scenarios that apply to your travel experience at <https://trip.dhs.gov/>. 


Do you have further questions? 


Contact an attorney for help. 
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plications, available at <https://db.usenix.org/event/hotsec08/tech/full_papers/czeskis/czeskis.pdf>. 


See <http://simson.net/ref/2006/>. 


Undeletion is a standard, built-in feature of forensic products used by law enforcement and border agen- 
cies. It works reliably if deletion was done recently, It may work even after an operating system reinstallation 
(“slack space”), depending on how the reinstallation process works. (However, it typically doesn’t work after 
OS reinstallation if full-disk encryption was used on the previous OS image, because the new operating 
system will overwrite the decryption keys and make the old system's encrypted data unrecoverable.) 


DBAN is available from http://www.dban.org/. 


Czeskis et al. point out that the operating system and applications can leak significant information about the 
existence of, and the files stored within, a hidden volume: 


[These risks] also seem applicable to regular (non-deniable) disk encryption systems in which only a subset 
of all the user's entire disks are encrypted and in which a user does not deny the existence of the encrypted re- 
gions but does refuse to divulge the passwords. [...] In summary with regard to disk encryption, in situations 
where there is a need to protect the privacy of individual files, the safest strategy appears to be to encrypt the 
full disk [...] For example, the authors found that Microsoft Word would periodically auto-save copies of a 
document being edited. Even if the document being edited was located on an encrypted volume, Word could 
place the auto-saved copies on an unencrypted volume; even though they were automatically deleted, these 
copies could easily by undeleted by a forensic examiner. (In a similar vein, applications may create and store a 
“preview” or “icon” version of documents and images they open.) Supra note [23]. 


https://twitter.com/#!/csoghoian/status/75793 191177166849 (“4GB SD cards are cheap, can be destroyed 
before going through US customs, and by taking out my [hard drive], my laptop battery now lasts 8 hrs.’) 


See <https://secure.wikimedia.org/wikipedia/en/wiki/Comparison_of_disk_encryption_software>. 


See EFF’s DES Cracker page: <https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/ 
HTML/19980716_eff_des_faq.html> 


For a useful general discussion of passphrases, see Indiana University UITS, “Passwords and Passphrases’, 
available at <http://kb.iu.edu/data/acpu.html>, and “Passphrases’, availalbe at <http://protect.iu.edu/cy- 
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bersecurity/safeonline/passphrases>. These documents are not specifically focused on passphrases for disk 
encryption; bear in mind our warning, infra note [34]. 


Arnoud Engelfriet, The Passphrase FAQ, available at <http://www.iusmentis.com/security/passphrase- 
faq/>. 


See Reinhold’s Diceware page at <http://world.std.com/~reinhold/diceware.html>. 


xked #936, available at <https://www.xkcd.com/936/>. Note that this phrase is likely too short for disk 
encryption use; Munroe calculates its strength at only 44 bits. Reinhold’s advice suggests using at least five 
random words for a passphrase for encryption purposes, when the words are chosen from a list that includes 
only simple everyday words. Exactly how long or unpredictable a passphrase needs to be to be secure against 
cracking by machines is a complex question, and relies on speculation and assumptions about the capabili- 
ties of the organizations that will try to crack your passphrase. Some disk encryption systems can be safe 
even with relatively short passphrases because of how they use key stretching technologies; see <https:// 
en.wikipedia.org/wiki/PBKDF2#Disk_encryption_software>. But you should not use this as an excuse to 
choose a simpler passphrase unless you understand the precise technical details of how the disk encryption 
software you've chosen uses key stretching. Note that this comic is licensed under a Share ADDITIONAL 
NOTE: licensed under a Creative Commons Attribution-NonCommercial 2.5 License. 





Simply using a quotation or song lyric by itself is not safe because there are readily available lists of quotations 
and lyrics, comprising only millions of distinct sentences. This is a tiny number for a computer to test. Your 
passphrase should never be identical to anything that has ever been published anywhere. 


<http://point-at-infinity.org/ssss/>. 
<http://sourceforge.net/projects/secretsharp/>. 


See In re Grand Jury Subpoena to Sebastien Boucher, 2:06-mj-91, 2007 WL 4246473 (D. Vt. Nov. 29, 
2007), appeal sustained by 2009 WL 424718 (D. Vt. Feb. 29, 2009); United States v. Rogozin, 09-CR-379, 
2010 WL 4628520 at **5-6 (W.D.N.Y. Nov. 16, 2010); United States v. Kirschner, No. 09-MC-50872, 2010 
WL 1257355 (E.D. Mich. March 30, 2010). 


This should become far easier and more routine in the future, as suggested by Roxana Geambasu, John P, 
John, Steven D. Gribble, Tadayoshi Kohno, and Henry M. Levy Keypad: An Auditing File System for Theft- 
Prone Devices, in Proceedings of the European Conference on Computer Systems (EuroSys), Salzburg, 
Austria, April 2011, available at <http://eurosys2011.cs.uni-salzburg.at/pdf/eurosys2011-geambasu.pdf>. 


Geambasu et al. describe an encryption system where a network server, rather than an end-user, holds the 
keys. Under normal circumstances, the server will immediately provide the keys to decrypt any file that a 
user wants to use, but the server operator can temporarily or permanently revoke a device's ability to request 
decryption keys (for example, if the device is lost). When practical implementations of this system become 
available, they could be ideal for border crossings, because a server can turn off decryption key access for a 
traveler's laptop at a given time and re-enable it only after the traveler has passed through immigration and 
customs. 


Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson, Reliably Erasing Data From Flash- 
Based Solid State Drives (in Proceedings of the 9th USENIX Conference on File and Storage Technologies), 
available at <https://db.usenix.org/events/fast11/tech/full_papers/Wei.pdf>. Wei et al. note that, “[t]he 
internals of an SSD [solid state drive] differ in almost every respect from a hard drive, so assuming that the 
erasure techniques that work for hard drives will also work for SSDs is dangerous.” 


Not all mobile service plans support using your SIM card in a foreign country. If in doubt, contact your mo- 
bile phone carrier. 


“Deleted” photos on cameras are generally not really erased, and can be trivially undeleted using a computer 
and widely available software. Undeleting photos from a cameras memory card does not usually require spe- 
cial technical expertise or forensic training. 


See Inspection of Electronic Devices, supra, note [19] at 1; U.S. Customs and Border Protection, Reasons 
You May Be Searched By CBP, https://help.cbp.gov/app/answers/detail/a_id/26/kw/border%20search 
(last visited Oct. 4, 2011). 


ELECTRONIC FRONTIER FOUNDATION 22 EFF.ORG 


44 


45 


46 


47 


For example, the government may refuse non-citizens entry into the U.S. for a variety of reasons. Immigra- 
tion and Nationality Act § 212(a), 8 U.S.C. § 1182 (2010). While few judges have shed light on the issue, at 
least one court has found that U.S. citizens have an Mabsolute and unqualified right to reside in the United 
States and cannot be denied reentry. United States v. Valentine, 288 F. Supp. 957, 980 (D.P.R. 1968); see also 
Worthy v. United States, 328 F.2d 386 (5th Cir. 1964) (“We think it is inherent in the concept of citizenship 
that the citizen, when absent from the country to which he owes allegiance, has a right to return, again to set 
foot on its soil.”), 


18 U.S.C. § 1001 (2006) (it is a crime to willfully or knowingly “falsif[y], conceal[], or cover[] up by any trick, 
scheme, or device a material fact” or make “any materially false, fictitious, or fraudulent statement or represen- 
tation’ to a federal agent). 


18 U.S.C. § 1519 (2006) (it is a crime to “knowingly alter[], destroy[], mutilates[], conceal|[], cover[] up, 
falsif[y], or make[] a false entry in any record, document, or tangible object with the intent to impede, 
obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any 
department or agency of the United States[.]” 


US. Dep't of Homeland Security Customs and Border Protection, Inspection of Electronic Devices at 1, 
hetp://www.cbp.gov/linkhandler/cgov/travel/admissibility/msa_tearsheet.ctt/msa_tearsheet.pdf (last vis- 
ited Oct. 4, 2011) (“If you are subject to inspection, you should expect to be treated in a courteous, dignified, 
and professional manner.’). 
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